p8-casablanca 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- data/History.txt +6 -0
- data/README.txt +14 -9
- data/lib/casablanca/rails/filter.rb +33 -22
- data/lib/casablanca.rb +1 -1
- data/test/test_rails_filter.rb +30 -13
- metadata +2 -2
data/History.txt
CHANGED
data/README.txt
CHANGED
|
@@ -9,11 +9,11 @@ Casablanca is a ruby single sign-on client for the CAS 2.0 protocol.
|
|
|
9
9
|
== FEATURES:
|
|
10
10
|
|
|
11
11
|
* Includes a commandline Client to test getting service tickets from a CAS server
|
|
12
|
-
* It can be run as a Rails plugin
|
|
12
|
+
* It can be run as a Rails plugin
|
|
13
|
+
* Supports gatewaying and renewing
|
|
13
14
|
|
|
14
15
|
== TODO:
|
|
15
16
|
|
|
16
|
-
* Add extra attributes returned from the server
|
|
17
17
|
* Implement proxying
|
|
18
18
|
* Check for single signout
|
|
19
19
|
|
|
@@ -35,22 +35,27 @@ In IRB:
|
|
|
35
35
|
|
|
36
36
|
|
|
37
37
|
=== Rails:
|
|
38
|
-
|
|
38
|
+
Configure your Cas server url in environment.rb:
|
|
39
39
|
|
|
40
40
|
Casablanca::Rails::Config.config do |config|
|
|
41
41
|
config[:cas_server_url] = "http://localhost:4567"
|
|
42
|
-
# Always require new credentials for authentication
|
|
43
|
-
config[:renew] = true
|
|
44
42
|
end
|
|
45
43
|
|
|
46
44
|
|
|
45
|
+
Add filters to the protected controllers.
|
|
46
|
+
For most cases you would want the default filter:
|
|
47
47
|
|
|
48
48
|
before_filter Casablanca::Rails::Filter
|
|
49
|
-
|
|
50
|
-
|
|
49
|
+
|
|
50
|
+
If you want users without credentials to view the page as well use the Gateway filter
|
|
51
|
+
|
|
52
|
+
before_filter Casablanca::Rails::GatewayFilter
|
|
53
|
+
|
|
54
|
+
If you want users to always require new credentials for authentication use the renew filter
|
|
51
55
|
|
|
56
|
+
before_filter Casablanca::Rails::RenewFilter
|
|
52
57
|
|
|
53
|
-
|
|
58
|
+
Add something like the following to application.rb to get the current user from the Cas session:
|
|
54
59
|
|
|
55
60
|
def current_user
|
|
56
61
|
if session[:cas_user] && @user.nil?
|
|
@@ -60,7 +65,7 @@ In IRB:
|
|
|
60
65
|
@user
|
|
61
66
|
end
|
|
62
67
|
|
|
63
|
-
|
|
68
|
+
Your logout action could look like:
|
|
64
69
|
|
|
65
70
|
def logout
|
|
66
71
|
Casablanca::Rails::Filter.logout(self)
|
|
@@ -16,15 +16,10 @@ module Casablanca::Rails
|
|
|
16
16
|
config = {}
|
|
17
17
|
yield config
|
|
18
18
|
@cas_server_url = config[:cas_server_url]
|
|
19
|
-
@renew = config[:renew] # always renew the session
|
|
20
19
|
# set logger to rails logger
|
|
21
20
|
Casablanca::Client.logger = ::ActionController::Base.logger
|
|
22
21
|
end
|
|
23
22
|
|
|
24
|
-
def renew
|
|
25
|
-
@renew
|
|
26
|
-
end
|
|
27
|
-
|
|
28
23
|
def cas_server_url
|
|
29
24
|
@cas_server_url
|
|
30
25
|
end
|
|
@@ -74,28 +69,18 @@ module Casablanca::Rails
|
|
|
74
69
|
Casablanca::Client.logger
|
|
75
70
|
end
|
|
76
71
|
|
|
77
|
-
# Always require new credentials for authentication?
|
|
78
|
-
def renew?
|
|
79
|
-
Config.renew
|
|
80
|
-
end
|
|
81
|
-
|
|
82
72
|
# Has the user already talked to the Cas server?
|
|
83
73
|
def authentication_required?(controller)
|
|
84
|
-
|
|
74
|
+
controller.session[:cas_user].nil? && controller.params[:ticket].nil?
|
|
85
75
|
end
|
|
86
76
|
|
|
87
|
-
def redirect_to_cas_login(controller
|
|
88
|
-
controller.
|
|
89
|
-
controller.send(:redirect_to, login_url(controller, :renew => renew))
|
|
77
|
+
def redirect_to_cas_login(controller)
|
|
78
|
+
controller.send(:redirect_to, login_url(controller))
|
|
90
79
|
end
|
|
91
80
|
|
|
92
81
|
def get_credentials(controller)
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
else
|
|
96
|
-
logger.debug "Not authenticated yet. Ticket parameter required"
|
|
97
|
-
end
|
|
98
|
-
redirect_to_cas_login(controller, renew?)
|
|
82
|
+
logger.debug "Not authenticated yet. Ticket parameter required"
|
|
83
|
+
redirect_to_cas_login(controller)
|
|
99
84
|
return false
|
|
100
85
|
end
|
|
101
86
|
|
|
@@ -111,7 +96,7 @@ module Casablanca::Rails
|
|
|
111
96
|
logger.debug "Ticket authentication failed: #{ticket.failure_message}"
|
|
112
97
|
logout(controller)
|
|
113
98
|
logger.debug "Renew login credentials"
|
|
114
|
-
redirect_to_cas_login(controller
|
|
99
|
+
redirect_to_cas_login(controller)
|
|
115
100
|
return false
|
|
116
101
|
end
|
|
117
102
|
end
|
|
@@ -145,7 +130,7 @@ module Casablanca::Rails
|
|
|
145
130
|
return super(controller)
|
|
146
131
|
end
|
|
147
132
|
|
|
148
|
-
def redirect_to_cas_login(controller
|
|
133
|
+
def redirect_to_cas_login(controller)
|
|
149
134
|
controller.session[:cas_gatewayed] = true
|
|
150
135
|
logger.debug "Redirecting to #{login_url(controller, :gateway => true)}"
|
|
151
136
|
controller.send(:redirect_to, login_url(controller, :gateway => true))
|
|
@@ -153,5 +138,31 @@ module Casablanca::Rails
|
|
|
153
138
|
|
|
154
139
|
end
|
|
155
140
|
end
|
|
141
|
+
|
|
142
|
+
##
|
|
143
|
+
# Always require new credentials for authentication?
|
|
144
|
+
class RenewFilter < Filter
|
|
145
|
+
|
|
146
|
+
class << self
|
|
147
|
+
|
|
148
|
+
# Has the user already talked to the Cas server?
|
|
149
|
+
def authentication_required?(controller)
|
|
150
|
+
(controller.session[:cas_user].nil? || controller.session[:cas_renewed].nil?) && controller.params[:ticket].nil?
|
|
151
|
+
end
|
|
152
|
+
|
|
153
|
+
def get_credentials(controller)
|
|
154
|
+
logger.debug "Always require credentials for authentication"
|
|
155
|
+
redirect_to_cas_login(controller)
|
|
156
|
+
return false
|
|
157
|
+
end
|
|
158
|
+
|
|
159
|
+
def redirect_to_cas_login(controller)
|
|
160
|
+
controller.session[:cas_renewed] = true
|
|
161
|
+
logger.debug "Redirecting to #{login_url(controller, :renew => true)}"
|
|
162
|
+
controller.send(:redirect_to, login_url(controller, :renew => true))
|
|
163
|
+
end
|
|
164
|
+
|
|
165
|
+
end
|
|
166
|
+
end
|
|
156
167
|
|
|
157
168
|
end
|
data/lib/casablanca.rb
CHANGED
data/test/test_rails_filter.rb
CHANGED
|
@@ -10,10 +10,8 @@ class TestRailsConfig < Test::Unit::TestCase
|
|
|
10
10
|
def test_config
|
|
11
11
|
Rails::Config.config do |config|
|
|
12
12
|
config[:cas_server_url] = "http://example.com/cas_server"
|
|
13
|
-
config[:renew] = true
|
|
14
13
|
end
|
|
15
14
|
assert_equal 'http://example.com/cas_server/login?service=http%3A%2F%2Flocalhost%3A3000', Rails::Filter.login_url(@controller)
|
|
16
|
-
assert_equal true, Rails::Filter.renew?
|
|
17
15
|
end
|
|
18
16
|
|
|
19
17
|
end
|
|
@@ -71,17 +69,6 @@ class TestRailsFilter < Test::Unit::TestCase
|
|
|
71
69
|
assert_equal true, Filter.filter(@controller)
|
|
72
70
|
assert_equal 'admin', @controller.session[:cas_user]
|
|
73
71
|
end
|
|
74
|
-
|
|
75
|
-
def test_filter_already_authenticated_with_valid_ticket_from_session_but_renew_required
|
|
76
|
-
Config.config do |config|
|
|
77
|
-
config[:cas_server_url] = "http://localhost:4567"
|
|
78
|
-
config[:renew] = true
|
|
79
|
-
end
|
|
80
|
-
service_ticket = get_service_ticket
|
|
81
|
-
@controller.session = {:cas_user => 'admin'}
|
|
82
|
-
assert_equal false, Filter.filter(@controller)
|
|
83
|
-
assert_equal 'admin', @controller.session[:cas_user]
|
|
84
|
-
end
|
|
85
72
|
|
|
86
73
|
def test_filter_not_authenticated
|
|
87
74
|
assert_equal false, Filter.filter(@controller)
|
|
@@ -117,4 +104,34 @@ class TestRailsGatewayFilter < TestRailsFilter
|
|
|
117
104
|
assert_equal nil, @controller.session[:cas_user]
|
|
118
105
|
end
|
|
119
106
|
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
class TestRailsRenewFilter < TestRailsFilter
|
|
110
|
+
def setup
|
|
111
|
+
Config.config do |config|
|
|
112
|
+
config[:cas_server_url] = "http://localhost:4567"
|
|
113
|
+
end
|
|
114
|
+
@controller = Controller.new
|
|
115
|
+
@controller.params = {}
|
|
116
|
+
end
|
|
117
|
+
|
|
118
|
+
def test_filter_already_authenticated_on_cas_server_but_renew_required
|
|
119
|
+
Config.config do |config|
|
|
120
|
+
config[:cas_server_url] = "http://localhost:4567"
|
|
121
|
+
end
|
|
122
|
+
service_ticket = get_service_ticket
|
|
123
|
+
@controller.session = {:cas_user => 'admin'}
|
|
124
|
+
assert_equal false, RenewFilter.filter(@controller)
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
def test_filter_already_renewed_with_valid_ticket_from_session_should_not_renew
|
|
128
|
+
Config.config do |config|
|
|
129
|
+
config[:cas_server_url] = "http://localhost:4567"
|
|
130
|
+
end
|
|
131
|
+
service_ticket = get_service_ticket
|
|
132
|
+
@controller.session = {:cas_user => 'admin', :cas_renewed => true}
|
|
133
|
+
assert_equal true, RenewFilter.filter(@controller)
|
|
134
|
+
assert_equal 'admin', @controller.session[:cas_user]
|
|
135
|
+
end
|
|
136
|
+
|
|
120
137
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: p8-casablanca
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Petrik de Heus
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2009-02-
|
|
12
|
+
date: 2009-02-20 00:00:00 -08:00
|
|
13
13
|
default_executable: casablanca
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|